ceph ceph CVE-2018-10861 vulnerability in Ceph and Other Products
Published on July 10, 2018

product logo product logo product logo product logo
A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Weakness Type

What is an AuthZ Vulnerability?

The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

CVE-2018-10861 has been classified to as an AuthZ vulnerability or weakness.


Products Associated with CVE-2018-10861

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2018-10861 are published in these products:

Ceph
 
Red Hat Ceph Storage
 
Red Hat Ceph Storage Mon
 
Red Hat Ceph Storage Osd
 
Debian Linux
 
OpenSuse Leap
 
Red Hat Enterprise Linux Desktop
 
Red Hat Enterprise Linux Server
 
Red Hat Enterprise Linux Workstation
 

Affected Versions

Red Hat, Inc. ceph Version all versions in branches master, mimic, luminous and jewel is affected by CVE-2018-10861

Exploit Probability

EPSS
0.58%
Percentile
68.45%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.